Anybody out there have experience using ICRADIUS (http://icradius.hislora.com.au/) with either the Lucent APX or TNT products? We've configured an APX for typical ISP-style remote-access, and the Radius server crashes out as soon as it receives the first authentication request. More specifically, the first attempt generates 20 or so lines of errors before the radius process quits abruptly and has to be manually restarted. Using the "Radauth" command on the APX seems to work happily enough: admin> help radauth radauth authenticate a name and password via RADIUS. usage: radauth "name" "password" The double-quotes may be omitted if the parameter [name, password] does not contain embedded spaces. admin> radauth matt.watkins knowware ...radauth request queued, awaiting response radauth: 2 admin> Connecting an E1 and waiting for a call is a different matter, the first user authentication attempt kills the radius server process. I would assume it is somehow related to the attributes the APX is sending in the authorisation request? We've imported the Ascend dictionary from the ftp.ascend.com site, but this has had no bearing on the problem. I suspect it may be a dictionary problem, but crashing out seems to be a rather severe response? The customer has been happily running PM-4s through their current system for some time, and I've personally installed two APX chassis into other ISPs without any such problems. Changing RADIUS software is not really viable in the short-term, although I have recommended that the customer take a close look at Radiator (http://www.open.com.au/radiator/). I've reset the nvram on the APX and quickly attempted to set the chassis up from scratch, but simplifying the configuration has not helped. The APX "external-auth" settings are below, with addresses blanked out to protect the innocent. Almost everything is set to the chassis defaults, with the bare minimum of changes. I'm waiting for the customer to forward me all relevant output from the ICRADIUS logs. We have attempted tweaking many of the settings to coax the system into working, but haven't had any luck yet. I am not currently subscribed to the ICRADIUS list, so please copy me in any replies to the list if you have any useful advice. - Matt admin> read external-auth EXTERNAL-AUTH read admin> list [in EXTERNAL-AUTH] auth-type = RADIUS acct-type = none rad-id-space = distinct rad-id-source-unique = port-unique rad-serv-enable = no rad-auth-client = { #.#.#.# 0.0.0.0 0.0.0.0 1645 0 ******* no 1 no no no + rad-acct-client = { 0.0.0.0 0.0.0.0 0.0.0.0 0 0 "" 1 0 acct-base-10 0 0 yes 0 n+ rad-auth-server = { 0 no rad-serv-attr-any [ 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.+ tac-auth-client = { 0.0.0.0 0.0.0.0 0.0.0.0 0 0 "" 0 } tacplus-auth-client = { 0.0.0.0 0.0.0.0 0.0.0.0 0 0 "" 0 0 } tacplus-acct-client = { 0.0.0.0 0.0.0.0 0.0.0.0 0 0 "" } local-profiles-first = lpf-yes noattr6-use-termsrv = yes clid-password = *********** dnis-password = *********** admin> list rad-auth-client [in EXTERNAL-AUTH:rad-auth-client] auth-server-1 = #.#.#.# auth-server-2 = 0.0.0.0 auth-server-3 = 0.0.0.0 auth-port = 1645 auth-src-port = 0 auth-key = ******* auth-pool = no auth-timeout = 1 auth-rsp-required = no auth-id-fail-return-busy = no auth-id-timeout-return-busy = no auth-sess-interval = 0 auth-TS-secure = yes auth-Send67 = yes auth-frm-adr-start = no auth-boot-host = 0.0.0.0 auth-boot-host-2 = 0.0.0.0 auth-boot-port = 0 auth-reset-time = 0 auth-id-max-retry-time = 0 auth-radius-compat = old-ascend auth-keep-user-name = change-name auth-realm-delimiters = /\@% id-auth-prefix = "" allow-auth-config-rqsts = yes admin> ++ Ascend Users Mailing List ++ To unsubscribe: send unsubscribe to ascend-users-request at bungi.com To get FAQ'd: <http://www.nealis.net/ascend/faq>